[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption
From: Solar Designer <solar () openwall ! com>
Date: 2016-03-26 14:52:11
Message-ID: 20160326145211.GA22709 () openwall ! com
[Download RAW message or body]
On Tue, Mar 22, 2016 at 11:58:39PM +0300, Solar Designer wrote:
> The primary reason I am posting this is so that other distros know the
> vulnerability was apparently shown to be exploitable.
And that's not the end of the story:
https://lwn.net/SubscriberLink/681062/b974fb24a6c4617b/
"Posted Mar 25, 2016 13:23 UTC (Fri) by BenHutchings (subscriber, #37955) [Link]
Unfortunately the fix by Seth Jennings for RHEL, later applied to
stable branches, was still incorrect, leading to CVE-2016-0774. I hope
AOSP picks up the second fix as well."
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0774
"Petr Matousek 2016-02-02 09:34:35 EST
It was found that the fix for CVE-2015-1805 incorrectly kept buffer
offset and buffer length in sync on failed atomic read, potentially
resulting in pipe buffer state corruption.
A local, unprivileged user could use this flaw to crash the system or
leak kernel memory to user-space.
Upstream Linux kernel is not affected by this flaw as it was introduced
by the Red Hat Enterprise Linux only fix for CVE-2015-1805.
Acknowledgements:
The security impact of this issue was discovered by Red Hat."
Alexander
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic